Typically, in order to connect multiple client devices wirelessly and to form Wireless Local Area Network (WLAN), the Institute of Electrical and Electronics Engineers (IEEE) standard 802.11 based protocol may be used. This protocol is more commonly known as Wi-Fi. However, since the user data is transmitted wirelessly, it may be susceptible to interception by any anonymous device which can retrieve user data. To overcome this vulnerability, device authentication and data encryption mechanisms are provided by Wi-Fi security standards.
A hotspot device as defined herein is a router or a gateway that may provide wireless internet access to multiple client devices at the same time over a WLAN. As illustrated in FIG. 1 the source of internet service for a hotspot device may be a traditional internet service such as Digital Subscriber Line (DSL), Cable modem, T1 line, fibre optic cable, etc. A hotspot device may also be referred to as an Access Point (AP) and these two terms may be used interchangeably herein.
A mobile hotspot device as defined herein and illustrated in FIG. 2 is a portable router or a gateway that may use mobile broadband service from cellular networks to provide wireless internet access to multiple client devices at the same time over a WLAN.
Wi-Fi security standards require a password to authenticate a client device connection with a hotspot device. An end user may have to provide the network password every time a new client device is connected to a Wi-Fi network.
Wi-Fi Protected Setup (WPS) is a network security standard that enables an end user to easily provide a secure access to a wireless network. WPS also makes it easier to add new devices to a wireless network. With WPS, there is no need for a user to enter the network password. If the WPS feature is available in both the hotspot device and a client device, then the client device may be connected to the Wi-Fi network without password by enabling WPS in the hotspot device first and then enabling WPS in a client device. With this method, the Wi-Fi network name known as Service Set Identifier (SSID) and the security standard of the Wi-Fi network are configured automatically in a client device and in a hotspot device. This makes the process of configuring a network for a client device easier for an end user.
A Media Access Control (MAC) address is a unique identifier assigned to devices on a network. MAC addresses are used as a network address for most IEEE 802 series standards based network technologies, including Ethernet and Wi-Fi. In order to further increase the security, MAC address filtering may be enabled in a hotspot device. Without MAC address filtering, any wireless client device may join a Wi-Fi network if the Wi-Fi SSID of the network and network password are known. To support MAC address filtering, a hotspot device may maintain two lists namely “Authenticate list” and “Block list.” The Authenticate list may contain a list of MAC addresses of client devices to which the hotspot device may grant access. The Block list may contain a list of MAC addresses of client devices to which the hotspot device may block from accessing the network.
Once the MAC address filtering is enabled, whenever a hotspot device receives a request from a client device to join the network, it compares the MAC address of that client device against the Authenticate list. With this method, only client devices with MAC addresses registered in the Authenticate list may be connected to a hotspot device. To use the MAC address filtering method to authenticate a client device, an end user may have to find the MAC address of a client device and add it to the Authenticate list. However, this increases the complexity of operation for the end user who has to add a new client device to a wireless network.